[Samba] Multi samba domain in one LDAP Backend with multi-site authentication

Thibault Vançon t.vancon at gmail.com
Fri Jan 29 03:59:30 MST 2010


I need some help to set up a multi-site authentication architecture with

Our company is composed of 6 sites which are VPN-linked.

On each, there is a Samba 3.0.27 PDC with LDAP backend on Debian Etch (I will
probably upgrade it to Lenny with this project, and a newer version of
Samba). We would like to permit a user of one domain to log in to another with
the same credentials.

Actually, if a user needs to connect to a share of another domain, we have to
create it again in the other LDAP backend. So we have a lot of duplicates,
which is not very good because we store a lot of administrative information
such as email, function, etc., and we need to use LDAP for other applications
(Intranet on Apache server, ERP, …).

My boss is not closed with that and wants to keep the multi-domain
architecture (I’m actually converting it to free software…). I know that it
would be easier to have only one domain with LDAP replication, but he still
doesn’t want to.

Is there a multi Samba domain schema for LDAP? What about trust
relationships? Do they work fine? Other possibilities (RADIUS, etc.)?

Thanks a lot for any answer, and sorry for my English, which is not very good.

Thibault Vançon


System and Network administrator – Alsapan – France

